serviceProvisioningErrors and isManagementRestricted are read-only

[slavizh]

Bicep version
Bicep CLI version 0.37.4 (27cc8db2ed)

Resource and API version
Which Microsoft.Graph resource and API version has the issue?
br:mcr.microsoft.com/bicep/extensions/microsoftgraph/v1.0:1.0.0
Microsoft.Graph/groups@v1.0

Auth flow
Is the deployment interactive (e.g. with a signed in user) or automated (e.g. with an application)?
automated

Deployment details
If it's related to deployment failures, please provide the deployment correlation id, Microsoft Graph client request id, and deployment timestamp if applicable.

     | {"error":{"code":"BadRequest","target":"/resources/entraGroupRes","message":"Property 'isManagementRestricted' is read-only and cannot be set. Graph client request id: 2b1bc71c-e934-4a39-812e-0485ef5846a5. Graph request timestamp: 2025-08-13T06:26:15Z."}} (Code:)   Status Message: At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details. (Code: DeploymentFailed)  - {"error":{"code":"BadRequest","target":"/resources/entraGroupRes","message":"Property 'isManagementRestricted' is read-only and cannot be set. Graph client request id: 78021ae2-a18b-469b-90eb-684b206292cd. Graph request timestamp: 2025-08-13T06:26:16Z."}} (Code:)   Status Message: {"error":{"code":"BadRequest","target":"/resources/entraGroupRes","message":"Property 'isManagementRestricted' is read-only and cannot be set. Graph client request id: 0e372f02-4076-4371-8cf8-e5c02f9e8571. Graph request timestamp: 2025-08-13T06:26:15Z."}} (Code:DeploymentOperationFailed)  CorrelationId: 334da1c4-cc8f-442c-900d-15a7fbb62587

Describe the bug
Both serviceProvisioningErrors and isManagementRestricted properties are read-only but they appear as possible to write.

To Reproduce
Define Microsoft.Graph/groups@v1.0 resource and see that you can add the properties.

Additional context
Add any other context about the problem here. For example, what permissions does the identity have if it's a permission issue?

[dkershaw10]

@slavizh - Thanks. Both of these properties are read-only properties as far as I know. Looking at the REST API docs, isManagementRestricted is documented as read-only. Unfortunately, serviceProvisioningErrors is not.

When I look at the Graph Bicep reference, I see that these properties are not marked as ReadOnly in the Bicep type definitions.
We can get that fixed.

[dkershaw10]

Will check if there are other read-only properties and we'll get them all fixed up together.